We curate threat intelligence to provide situational awareness and actionable insights
Threat Identifier Detections
Atomic detections that serve as the foundation of our detection framework.
Threat Scenario Detections
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
Reports Hot Off the Forge
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
Human Error Highlights a North Korean Intrusion
A network intrusion attributed to Andariel, a sub-group of North Korea's Lazarus group, exposed operational errors, including typos and misunderstanding of the system's language. This incident has led to the discovery of a new remote access trojan known as "EarlyRAT", showing further ties to the Lazarus group.
Canadian Energy Supplies Under Threat by Russian Actors
As per Canadian intelligence, Russian threat actors may target the country's energy sectors in a bid to disrupt supplies and retaliate against Ukraine allies. A potentially significant cybersecurity issue, it highlights the importance of securing operational technology networks in energy-related industries.
APT28 Targets Roundcube Vulnerabilities to Exploit Ukrainian Organizations
Ukraine's CERT-UA and Recorded Future's Inskit Group have identified a spear phishing campaign by APT28, targeting Ukrainian government and military aviation sectors. The campaign exploits vulnerabilities in the Roundcube Webmail service to conduct reconnaissance, run exfiltration scripts, and gather user information, reflecting the group's relentless pursuit of strategic military advantages.
APT15 Resumes Operations with New Malware
After a period of inactivity, Chinese espionage group APT15 (aka Flea, Nickel) has resumed operations, launching a campaign against Western government entities using their new Graphican backdoor. APT15, known for their focus on governmental and diplomatic targets, demonstrates resilience and continuity in their threat activity, maintaining their victimology despite past setbacks.
Muddled Libra Showcases Proficiency with Multiple Toolkits
Meet Muddled Libra: a crafty threat group that's caught the eye of the pros over at Unit42. They've got a toolbox filled with cyber tricks and aren't afraid to use it. Big industries, from tech to finance, need to keep an eye out, as Muddled Libra doesn't shy away from shaking things up, especially when it comes to software supply chains.
A Sophisticated But Thwarted Intrusion from Volt Typhoon
CrowdStrike successfully prevents a sophisticated intrusion attempt by Chinese threat group Volt Typhoon. Their tactics, which involved exploiting ManageEngine vulnerabilities and employing custom web shells, highlight the group's commitment to covert operations and thorough reconnaissance.
About the Forge & Threat Reports
Our mission is to assess the operational behaviors of all threats to provide the community, and our customers, with actionable information and enterprise-ready detections in order to defend themselves in an ever- changing threat landscape.
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
Whitepapers
The World's Best SOC Teams Use Anvilogic
.svg)
.svg)
.svg)
.png)
Build Detections You Want, Where You Want
